NewsBits for June 5, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Virus makes unwelcome return People are being warned to be wary of a new variant of a Windows virus that wrought havoc last year. Bugbear was one of the most virulent viruses of 2002 and has now returned in a new guise. The variant is packed with a variety of malicious programs that help the virus spread, steal confidential information, hide its origins and disable security software. PC owners are being advised to update their anti-virus software and be suspicious of e-mail messages they were not expecting.,,t269-s2135657,00.html,10801,81834,00.html - - - - - - - - - - 8,000 kid porn images... but no jail term A MAN who had 8,000 images of child porn on his home computer escaped jail after a judge ruled it would be better for society if he was rehabilitated in the community. Detectives found the haul of pictures and video clips on the computer of 32-year-old Ossett man Paul Berry. Although Berry had one of the largest collections of child porn ever seized in West Yorkshire, Judge Ian Dobkin ruled that an 80-hour community service order was sufficient punishment. Berry was arrested after police went to investigate his father, Stephen Berry, who had been caught by the CIA using his credit card to access American child porn web sites. - - - - - - - - - - Child porn man quits health job A LEADING health board official has quit his PS45,000- a-year job after avoiding jail on a charge of downloading child pornography. Tom Skinner, 58, was fined PS2,000 and put on the sex offenders register for five years after admitting paying to download images of naked children. Skinner was sentenced on Monday for using his credit card to access child porn websites and downloading 64 images which he copied to disk. - - - - - - - - - - Guilty plea over child porn charges A Christchurch computer technician has pleaded guilty to 17 charges of possessing, making and trading pornographic files involving children. Dustin Arthur Barrett, aged 30, admitted the charges in the Christchurch District Court on Friday and was remanded in custody for sentencing next month. Crown Prosecutor, Jane Farish, said Barrett was found to have traded child pornographic images over the internet. She said Barrett stated in an online conversation, that he asked for images featuring boys under 12 enaged in sexual acts in return for images that included toddlers. Jane Farish said tens of thousands of image files were found on Barrett's computer depicting older teens.,1227,195717-1-7,00.html - - - - - - - - - - Man gets probation in child porn case He viewed photos while on job at Naval Academy. A Naval Academy worker who pleaded guilty to distributing child pornography was sentenced yesterday to five years of probation and ordered to have no unsupervised contact with children. Anne Arundel County Circuit Judge Paul A. Hackner brushed aside a state prosector's request for jail time, noting that the defendant, David N. Sprachner, 44, had no prior record and had sought counseling. Sprachner spent 13 days in jail after his arrest in December and had been on home confinement until his sentencing yesterday. Sprachner, who had lived in Glen Burnie before moving to Odenton a few months ago, had been a maintenance help-desk employee at the academy for five years when he was arrested in December on child pornography charges. Co-workers had caught him viewing photographs of nude children on his desktop computer.,0,2035370.story - - - - - - - - - - Man charged with child porn taught at Holy Blossom Computers seized at the border at Niagara Falls. An American man accused of possessing child pornography, who was arrested after he attempted to get into Canada, also used to teach music at Forest Hills Holy Blossom Temple. Customs agents in Niagara Falls arrested 33-year- old Aaron Hillel Tornberg on May 17 on charges of possessing and importing child pornography. Agents said they found graphic images of children when they searched computer equipment a man was attempting to take into Canada from New York State. - - - - - - - - - - Mexican 'porn king' arrested A 25-year-old Mexican man is being held on suspicion of being one of the country's biggest promoters of internet child pornography. Leobardo Diaz Sarabia was arrested in southern Mexico City by officers posing as potential buyers of pornography, the Federal Protective Police said. He reportedly offered to sell them pornographic images of girls between six and 16 years of age. Police said Mr Diaz arrived at the meeting with a briefcase containing a portable computer and compact discs with images of children having sex with adults. The discs were said to be selling for the equivalent of between $145 and $490. Mr Diaz is also accused of posting websites promising the "service" of under-age girls, and advertisements offering "real sex with girls". - - - - - - - - - - Verizon turns over subscriber names in Internet piracy case Verizon Communications reluctantly surrendered to the music industry on Thursday the names of four Internet subscribers suspected of illegally offering free song downloads, but vowed to keep fighting the law that forced its hand. Verizon was compelled to give up the names Wednesday by the U.S. Court of Appeals for Washington, D.C., which rejected the telecom giant's request for a stay while it appeals a lower court decision won by the Recording Industry Association of America. - - - - - - - - - - US appeals court hands back to original owner The US Court of Appeals has handed back the domain to its original owner after three years of protracted, convoluted and insidious legal argument. The decision on 2 June 2003 "reversed, vacated and remanded" two previous decisions by WIPO and the US District Court and was the first time the law had been applied correctly since Barcelona City Council attempted to relieve Mr Joan Nogueras Cobo - a Spanish citizen living in America - of the domain on 26 May 2000. - - - - - - - - - - Bush administration to unveil cybersecurity initiative The Bush administration is set to announce a cybersecurity initiative on Friday, prompting speculation by technology industry experts that officials will unveil the hierarchy of a new government office on the subject. Robert Liscouski, assistant secretary for infrastructure protection at the Homeland Security Department, will host a roundtable to unveil the initiative, said David Wray, a department spokesman. Word of the event touched off talk that the White House has chosen a cybersecurity director who will be placed within Homeland Security, but Wray cautioned that the event would not be a "personnel announcement." - - - - - - - - - - Lobbying War Breaks Out Over Internet Gambling Bill A House bill aimed at curtailing Internet gambling has ignited a lobbying war among groups as disparate as convenience store operators, Indian tribes and horse track owners. The measure, which could reach the House floor next week, is Congress's latest effort to crack down on Web-based gambling, which rakes in $6 billion a year, lawmakers say. - - - - - - - - - - Ashcroft defends search of library records Attorney General John Ashcroft defended the Justice Department's search of library records under the USA Patriot Act, telling lawmakers the process safeguards individual privacy. Lawmakers expressed concern that officials conducting electronic surveillance for intelligence purposes under the Foreign Intelligence Surveillance Act (FISA), which was reformed under the Patriot Act, have too much power and may be encroaching on civil liberties. - - - - - - - - - - California Senate passes bill to crack down on identity theft Californians who believe their identity was stolen by a person hoping to skirt responsibility for violating state laws may have an easier time arguing their case under a bill approved by the Senate today. The bill, by Sen. Dede Alpert, D-Coronado, encourages law enforcement officials to get a thumbprint of individuals cited for various traffic and other infractions who can't provide valid identification. Backers say the bill will make it more difficult for a person to refuse to show identification and lay the blame on someone else. - - - - - - - - - - Antipiracy team scans Asia P2P sites A U.S.-based software antipiracy group has begun to target Asia-Pacific Web sites and users of peer-to-peer file-sharing networks, looking for those who trade in illegal software. The Business Software Alliance (BSA), whose members include large companies such as Adobe and Microsoft, has recently aimed its software-sniffing Web crawler specifically at Asia-Pacific sites, according to a BSA representative. The action was prompted by the high rates of Internet-based piracy in the region, which is beginning to rival more traditional methods such as illegal discs, said Jeffrey Hardee, BSA regional director, Asia-Pacific. "P2P is one the biggest problems we have in Asia-Pacific," he said. Hardee expects the crawler to turn up thousands of infringing Web sites every month. So far, software-swapping Web sites have been found in Singapore, Korea, Australia, Taiwan, Japan and China, he said. - - - - - - - - - - Sobig: Spam, virus or both? The quick spread of the recent Sobig.C worm may owe more to advances in spamming techniques than to the skill of an anonymous virus writer, according to a leading antivirus company. An analysis of e-mail messages containing the new worm variant by antivirus company Kaspersky Labs International revealed what appears to be a distribution pattern more akin to spam e-mail than a fast-spreading virus, according to Denis Zenkin, head of corporate communications at Moscow-based Kaspersky. Like the original Sobig virus, Sobig.C is a mass-mailing worm that spreads copies of itself through e-mail messages with attached files that contain the virus code.,10801,81825,00.html - - - - - - - - - - Linux hacks hit all-time high Hackers are increasingly targeting non-Windows servers. Security analyst mi2g has released research claiming that hack attacks against Linux are exploding, while attacks on Windows-based servers are dropping off. - - - - - - - - - - Approach to spam could make e-mail more problematic It's being promoted as a surefire way to eliminate unsolicited e-mail: Force senders to prove they are human rather than one of those automated programs that inundate the Internet with spam. Known as challenge-response, the technology obliges senders to verify their authenticity before their electronic messages can be accepted. But the technique has consequences far beyond stymieing spam-spitting software robots, and some leading anti-spam activists fear it could backfire and render e-mail useless if widely adopted. - - - - - - - - - - MGM Mirage scraps online casino operations After investing millions of dollars to build the first Internet gambling site operated by a major U.S. casino company, MGM Mirage Inc. plans to discontinue the site at the end of the month. The site was based in the Isle of Man, a small island-nation off the cost of Britain that created Internet gambling regulations to offset a declining tourism economy. The Web site contained security verification technology that pinpointed where gamblers were located to block wagers from the United States, where Internet gambling is illegal. It accepted bets from a few countries that allowed Internet gambling, primarily the United Kingdom. - - - - - - - - - - Wired magazine story to detail Slammer Web attack Wired magazine is planning to publish the underlying code for the Slammer worm that slowed Internet traffic to a crawl in January, raising questions over whether such articles inspire future hackers or educate potential victims. The article, which will be published in Wired's July issue due out Tuesday, details how the Slammer worm, also known as "SQL Slammer", spread rapidly through the Internet on Jan. 25, shutting down Internet service providers in South Korea, disrupting plane schedules and knocking out automatic teller machines. - - - - - - - - - - Army sets IT goals for 2015 By 2015 the Army should be able to deliver security patches to 90 percent of its servers, or disconnect those servers, within 12 hours of learning about a potential security problem, an Army official said today. By that same date, the Army should have a global help desk operation, addressing problems across the service whatever the theater of operation. - - - - - - - - - - College radio reprieved from pigopolist punishment Last weekend college Internet broadcasters in the United States signed-off on an important royalty agreement with the RIAA that should keep non-commercial webcasters a'streaming. The Intercollegiate Broadcasting System (IBS), with 800 student-staffed member stations, is one of the parties to be involved. The deal is a result of a mandate from the Library of Congress, which sets the royalty rates. The stations can now avoid the game of Russian Roulette called CARP arbitration.,1412,59105,00.html - - - - - - - - - - Protection of the intellectual property in Ukraine Hardly more than year has passed after the Law on laser disks has been passed. One of its positions is the creation of inspectors division on the intellectual property. Today inspectors operate in all regions of Ukraine, Kiev and Sevastopol. The basic function of the inspector is the regular control over businesses in sphere of the intellectual property. - - - - - - - - - - Apple Preps Mac OS X Server Security Update Apple Computer Inc. is preparing to release a security update to Mac OS X Server, sources said. The patch will reportedly update Mac OS X's installation of Apache 2.0, fixing a security vulnerability. The company Wednesday seeded a pre-release copy of the update to developers. The security update was marked June 5, indicating that Apple plans to release it to users today. The update will upgrade Apache to Version 2.0.46, patching a security hole in mod_dav, an Apache module that provides DAV functionality. When set off remotely, this security bug can cause Apache to crash, according to documentation.,3959,1118394,00.asp - - - - - - - - - - Wireless toolkit earns FIPS stamp Certicom Corp.'s toolkit for developing secure applications on Microsoft Corp. Windows CE-based mobile devices has receivedthe federal government's highest security approval, paving the way for users to store confidential data on Pocket PCs and SmartPhones. Certicom, a provider of wireless security technology, on June 3 reported that Security Builder GSE has earned the Federal Information Processing Standards (FIPS) 140-2 certification for Windows and Windows CE. As a result, the toolkit meets government security requirements for both PC-based and wireless operating systems. - - - - - - - - - - Cisco builds WLAN security framework Cisco Systems this week introduced an architecture designed to make wireless LANs easier to manage and more secure. Cisco's Structured Wireless-Aware Network framework, which includes a series of enhancements and additions to its hardware portfolio and new software capabilities, are also designed to head of the threat of competitors using wireless LANs as a bridgehead to attack Cisco's core enterprise networking market. - - - - - - - - - - Fighting computer crime For all of the concern about Internet attacks from abroad, the annual Cybercrime report of the International Chamber of Commerce (ICC) concludes that more than sixty percent of the world's cybercrime originates in the United States. Moreover, a recent study by Deloitte Touche Tohmatsu (DTT) indicates that Europe, not the United States, is leading the way in terms of implementing security policies and standards. So, what are we to do? - - - - - - - - - - Are you prone to a Web attack? Most broadband users leave doors wide open for attack by Internet thieves and hackers, study finds. An overwhelming majority of broadband users are leaving their doors wide open for attack by Internet thieves and hackers, an industry study has found. The report, released by the National Cyber Security Alliance on Tuesday, found that most broadband users lack basic knowledge of protections against the dangers of an always-on connection to the Internet. - - - - - - - - - - The danger of mobile viruses The devastating damage that viruses can do to a network of PCs is well understood, and companies have long been protecting against the danger by implementing antivirus applications. But the explosive and, in corporate terms, largely unmanaged growth of mobile computing threatens to undermine traditional virus protection. - - - - - - - - - - Protect your company from deadly viruses Security, trust and privacy go together. Without security, how can you trust the data? Without trust, how can you feel secure? And without privacy how can the user trust the system with personal data? To achieve the appropriate balance between security, trust and privacy requires a combination of people and technology, and acorn companies have a major part to play. They can provide innovative technologies, a task which may prove beyond larger vendors because such technologies could undermine their own business. - - - - - - - - - - Fear drives irrational security decisions It was bad enough that, before 2001, security companies that had products and services to sell generated most of the fear of being hacked on the Internet. But after the 9/11 terrorist attacks, things got wonky. Prophets of doom appeared at every corner, issuing dire warnings of enormous financial losses. And the U.S. government, dipping its pen into propaganda, raised the fear factor by creating the National Strategy to Secure Cyberspace, a list of ''policy initiatives'' issued by the Bush Administration's Department of Homeland Security to combat ill-defined threats. - - - - - - - - - - Citywide 'citizen cards' to hit London London is to introduce a transport smartcard system and boroughs in the city are looking to use it to develop the first stage of a London-wide "citizen" card. By early July, Transport for London (TfL) expects to introduce credit card sized smartcards for adults travelling on the underground and buses across the city in a PS1.2 billion project. Commuters will be able to use this card in replace of monthly and annual tickets. TfL's 80,000 tube and bus employees have been testing the card since last October. UK ID cards - the incredible shrinking consultation - - - - - - - - - - Hey Tony, outta the way, mob moves on `Sims Online' Tony Soprano can keep Jersey (who wants it, anyways?) A new family is movin' in on unclaimed turf -- online. An underground group known as the Sims Shadow Government has taken over the fantasy world that is ``The Sims Online,'' meting out mob justice. It's a violent twist for ``The Sims,'' the dollhouse-inspired computer game that has long been portrayed as the antithesis to guns- 'n-gore bestsellers like ``Grand Theft Auto.'' The emergence of a seedy underbelly in the online game may reveal more about the dark fantasies of middle-aged suburbanites than anyone suspected. Turns out, everyone wants to be Tony Soprano or Don Vito Corleone. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.